Hollywood’s hacking pains are bigger than movie leaks

NEW YORK (AP) — Piracy is a long-running and even routine issue for Hollywood, whether it’s street vendors hawking bootleg DVDs on street corners or video uploaded to file-sharing sites like Pirate Bay. Now cybercriminals are also putting embarrassing chatter and other company secrets at risk.

The reputational risk from leaked email is much more difficult to calculate than any financial risk from piracy. “In some ways, that risk can be higher because you have no way of knowing what’s in those emails,” said Erik Rasmussen of Kroll Cyber Security.

The cataclysmal event in the back of everyone’s mind is the Sony hack in 2014 . While unreleased movies were leaked, what’s remembered is the chaos unleashed amid a network shutdown and the disclosure of derisive comments about such well-known actors as Angelina Jolie and Leonardo DiCaprio and racially insensitive remarks about then-President Barack Obama.

Although the recent HBO leaks so far have fallen well short of the damage inflicted on Sony, there were concerns early on that hackers were setting the stage for an embarrassing sequel for Hollywood.

Piracy still a problem

While the attention is on leaked emails, that’s not to say Hollywood isn’t worried about piracy.

On online forums where criminals “advertise their ill-gotten gains,” there is now entertainment content “popping up as basically sections of these websites,” Rasmussen said.

Some people believe that video leaks can help gin up media and viewer attention for a show or movie, but leaking shows and movies does hurt Hollywood’s take, especially if it happens before the official release, Carnegie Mellon professor Michael Smith said.

In a 2014 analysis, Smith and his co-authors concluded that a movie’s box-office revenue dropped 19 percent, on average, when it was leaked ahead of the theatrical release, compared with a leak after the movie hit theaters. The research was part of a Carnegie Mellon initiative funded by the Motion Picture Association of America, Hollywood’s lobbying group.

One way to overcome pirates is to make programs widely and cheaply available. Netflix has many shows and movies that are easily accessible around the world for a single monthly price. In April, hackers leaked most new episodes of Netflix’s “Orange is the New Black” before their official release in early June. That doesn’t seem to have driven customers away. Netflix added more than 5 million subscribers in the April-to-June period, the largest increase ever for that quarter.

Separate from HBO’s recent run-ins with hackers, upcoming “Game of Thrones” episodes have leaked several times, and it is TV’s most pirated show. The show is still a massive hit for HBO, with high viewership and critical acclaim. As for the recent hacks, episodes of “Curb Your Enthusiasm,”“Insecure,”“Ballers” and several other shows leaked.

It helped that entire seasons weren’t released, forcing viewers to subscribe to view the whole show.

Because piracy is already prevalent, the leak of several scattered TV episodes might not have been enough to force such a payment, said Alex Heid, chief research officer at risk management firm SecurityScorecard. “Pirated content ends up on Pirate Bay within 24 hours of airing. Any show on HBO, any movie, the moment it’s released, on the first day, you see it on pirated internet streams.”

But hackers released an email from HBO in which the company expressed willingness to pay them $250,000 as part of a negotiation over data swiped from HBO’s servers. Whether or not HBO ever intended to follow through with the offer, the email raised questions among security professionals about the importance of the data.

Besides upcoming episodes, the HBO data dumps included what appeared to be contact information of Hollywood actors , a month’s worth of emails of one employee, sensitive internal documents like job offer letters and scripts for future episodes.

A person familiar with the situation, speaking on condition of anonymity because the person wasn’t authorized to speak publicly, said HBO was proactive in communicating with actors ahead of their personal information being released to the public. That may be helping mitigate the impact of what leaks did occur.

Companies that do get hacked should be up front with customers, employees and other affected parties as soon as possible, said Richard Levick, the head of crisis-management firm Levick. “You can’t sweep it under the rug,” he said. “You can’t be opaque about it.”

Comparisons

with Sony

In the Sony case, hackers crippled Sony’s network, wiped the company’s data and dumped thousands of internal emails and documents, including sensitive information such as employees’ salary information and Social Security numbers. Racially insensitive comments made by the former co-chair of Sony Pictures Entertainment, Amy Pascal, paved the way for her exit a few months later.

Michael Lynton, who left as Sony Pictures’ head in January, said that press coverage of the emails hurt the studio’s standing in Hollywood and that the public airing of employees’ private information and conversations “took a long time to deal with,” the trade publication Variety reported .

The movie studio said in April 2015 that “investigation and remediation expenses” related to the hack cost it $41 million, or about 8 percent of the film and TV division’s profit that fiscal year. It later reached an $8 million settlement with current and former employees.

Studios are learning to be cautious.

“I know people in the industry that now don’t do deals over email,” Smith said. “They do deals over the phone because it’s not archived.”

Lynton told Recode in 2016 that instead of email, “my fax machine is in great use at this point.”

Sony declined comment on Lynton’s remarks.

Rasmussen said companies are also sharing information with law enforcement in an effort to protect the whole industry — and stave off another sequel.